The WannaCry ransomware has mysterious ties to North Korea


Researchers at Kaspersky Lab have uncovered new evidence linking the WannaCry ransomware code to North Korea. In a post today, the group detailed a segment of code used in both an early WannaCry variant and a February 2015 sample attributed to the Lazarus Group, a Kaspersky-tracked actor tied to the North Korean government. The overlap was first spotted by Google researcher Neal Mehta, and Kaspersky believes the similarity goes far beyond shared code.
“We strongly believe the February 2017 sample was compiled by the same people,” Kaspersky writes, “or by people with access to the same source code as the May 2017 WannaCry encryptor used in the May 11th wave of attacks.” [Read more here...]

Comments

Post a Comment

Popular posts from this blog

Registering a single web address may have stopped a global malware attack

Image
Over the past 24 hours, a ransomware program called WannaCry has shut down more than 75,000 computers across 99 countries, including a string of hospitals in the United Kingdom and critical gas and water utilities in Spain. But despite the massive scale of the attack, stopping new infections from the attack seems to have been as simple as  registering a single web address . This morning,  researchers announced  they had  found a kill switch  in the code of the ransomware program — a single domain which, when registered, would prevent any infections from taking place. It’s still unclear whether registering that domain will stop every strain of the infection, but it should severely limit the global spread of the attack. [ Read more here... ]
Read more

How to Accidentally Stop a Global Cyber Attacks

Image
So finally I’ve found enough time between emails and Skype calls to write up on the crazy events which occurred over Friday, which was supposed to be part of my week off (I made it a total of 4 days without working, so there’s that). You’ve probably read about the WannaCrypt fiasco on several news sites, but I figured I’d tell my story. I woke up at around 10 AM and checked onto the UK cyber threat sharing platform where i had been following the spread of the Emotet banking malware, something which seemed incredibly significant until today. There were a few of your usual posts about various organisations being hit with ransomware, but nothing significant…yet. I ended up going out to lunch with a friend, meanwhile the WannaCrypt ransomware campaign had entered full swing. [ Read more here... ]
Read more

The NSA’s leaked Windows hack caused more damage than just WannaCry

Image
When the ShadowBrokers first published the code for EternalBlue — an NSA exploit targeting Windows’ file-sharing protocol — researchers knew it was a bad bug. But most had no idea of the scale of the damage that would be caused by the vulnerability. Much of that damage has only become visible in recent days, as a ransomware program dubbed “WannaCry” locked up computers from the UK’s National Health Service to the Russian Ministry of the Interior. Some of the damage caused by EternalBlue was harder to spot, caused by more discreet malware designed to infect and monetize computers without leaving a trace. As researchers look for clues as to WannaCry’s origins, more of those programs are coming to light, and giving us more information about the sheer scale of the damage caused by Eternal Blue. [ Read more here... ]
Read more